source: doc/API @ 3529e2d

Last change on this file since 3529e2d was 5308660, checked in by Ted Faber <faber@…>, 13 years ago

RT2 interface changes

C++ API

(see bottom for notes on C, Perl, and Python.)

ABAC::abac_chunk_t
    unsigned char *data
    int len

    structure, represents a blob of memory
    used to load/return DER-encoded X509 certificates

ABAC::Context
    Context()
        default constructor, takes no argument
    Context(const Context &ctx)
        copy constructor, used for cloning the context

    int load_id_chunk(abac_chunk_t chunk)
    int load_id_file(char *filename)
        load an identity certificate, returns:
            ABAC_CERT_SUCCESS   successfully loaded
            ABAC_CERT_INVALID   invalid certificate (or file not found)
            ABAC_CERT_BAD_SIG   invalid signature

    int load_attribute_chunk(abac_chunk_t chunk)
    int load_attribute_file(char *filename)
        load an attribute certificate, returns the same values as above
        * additionally can return ABAC_CERT_MISSING_ISSUER if the issuer
          certificate has not been loaded

    void load_directory(char *path)
        load a directory full of certificates:
            first: ${path}/*_ID.{der,pem} as identity certificates
            then: ${path}/*_attr.der as attribute certificates

    std::vector<Credential> query(char *role, char *principal, bool &success)
        run the query:
            role <-?- principal
        returns true/false in success
        returns a proof upon success, partial proof on failure

    std::vector<Credential> credentials()
        returns a vector of all the credentials loaded in the context

ABAC::Credential
    This is never instantiated directly. These will only ever be
    returned as a result of calls to Context::query or
    Context::credentials.

    Role &head()
    Role &tail()
        returns the head or tail of the credential
        see below for Role object

    abac_chunk_t attribute_cert()
        returns the DER-encoded attribute certificate, suitable for
        transmission over the network or storage in a file

    abac_chunk_t issuer_cert()
        returns the DER-encoded issuer certificate, again suitable for
        network transmission or file storage

ABAC::Role
    Role(const Role &role)
        copy constructor, clones the role

    char *string()
        returns a string representation of the role

    the following are rarely used outside the library:

    Role(char *role_name)
        instantiate a role from a string

    bool is_principal()
    bool is_role()
    bool is_linking()
        indicates the type of role encoded

    char *principal()
        returns the principal part of any role
    char *role_name()
        returns the role name of any role (the part after the last dot)
    char *linked_role()
        returns the linked role of a linking role
        i.e., A.r1.r2, linked_role() returns A.r1
    bool is_oset()
        returns true if the Role is actually an oset or object.  The above
        is_* functions identify the oset analogs (object, oset, and
        linked oset).


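The decomposition described for ABAC::Role above, as an added stand-alone
example (not libabac code and not part of the original file). RoleParts and
parse_role are hypothetical names; the sketch assumes components contain no
dots and that A.r1.r2 is the deepest form, and it does not model osets.

```cpp
// Added illustration, not libabac code: models principal(), role_name(),
// linked_role() and the is_* predicates as the text above describes them.
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

struct RoleParts {               // hypothetical type, not ABAC::Role
    std::string principal;       // first component, e.g. "A"
    std::string role_name;       // part after the last dot ("" for a principal)
    std::string linked_role;     // "A.r1" for "A.r1.r2", otherwise ""
    bool is_principal() const { return role_name.empty(); }
    bool is_linking() const { return !linked_role.empty(); }
    bool is_role() const { return !is_principal() && !is_linking(); }
};

// Split on '.', rejecting empty components and anything deeper than A.r1.r2
// (the depth limit is an assumption of this sketch).
RoleParts parse_role(const std::string &s) {
    std::vector<std::string> parts;
    std::string::size_type start = 0;
    for (;;) {
        std::string::size_type dot = s.find('.', start);
        std::string piece =
            s.substr(start, dot == std::string::npos ? dot : dot - start);
        if (piece.empty()) throw std::invalid_argument("empty component: " + s);
        parts.push_back(piece);
        if (dot == std::string::npos) break;
        start = dot + 1;
    }
    if (parts.size() > 3) throw std::invalid_argument("too deep: " + s);
    RoleParts r;
    r.principal = parts.front();
    if (parts.size() >= 2) r.role_name = parts.back();
    if (parts.size() == 3) r.linked_role = parts[0] + "." + parts[1];
    return r;
}

int main() {
    // Constructed sample roles: principal, role, linking role.
    const std::vector<std::string> samples = {"A", "A.r1", "A.r1.r2"};
    for (const std::string &s : samples) {
        RoleParts r = parse_role(s);
        std::cout << s << ": principal=" << r.principal
                  << " role_name=" << r.role_name
                  << " linked_role=" << r.linked_role << "\n";
    }
    return 0;
}
```
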
C API

The C API is nearly identical to the C++ API. Due to lack of namespaces,
all function names are preceded by abac_. Furthermore, the parameter
representing the object must be passed explicitly.

Example:

    C++:    ctx.load_attribute_file("test_attr.der");
    C:      abac_context_load_attribute_file(ctx, "test_attr.der");

Instead of copy constructors, the C API uses _dup. Therefore, to copy a
role use abac_role_dup(role_t *), to copy a context use
abac_context_dup(context_t *), and to copy a credential use
abac_credential_dup(abac_credential_t *).

abac_context_query() and abac_context_credentials() return
NULL-terminated arrays of Credential objects (abac_credential_t * in C).
When you are done with them, you must free the whole array at once using
abac_context_credentials_free().

PERL AND PYTHON API

The Perl and Python APIs are even more similar to the C++ API. The main
changes are the use of native types instead of C/C++ types.

    - native strings instead of char *

    Perl:
        - arrayref instead of vector
        - string instead of chunk_t
        - Context::query returns a list of two elements:
            my ($success, $credentials) = $ctx->query($role, $principal);
            $success is a boolean
            $credentials is an arrayref of Credential objects

    Python:
        - tuple instead of vector
        - bytearray instead of chunk_t (>= 2.6)
        - string instead of chunk_t (< 2.6)
        - Context::query returns a tuple with two elements:
            (success, credentials) = ctx.query(role, principal)
            success is a boolean
            credentials is a tuple of Credential objects